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What is claimed is: 

1 . In a system corJiprising at least one application and a framework, a 
method performed by the framjework comprising: 

receiving a request fror^i the apphcation for a customized implementation of a 
service; 

determining a set of zero or more restrictions to be imposed upon said 
customized implementation; 

dynamically constructing said customized implementation, said customized 
implementation incorporating said restrictions, and comprising enforcement logic for 
enforcing said restrictions; and 

providing said customi2 ed implementation to the application. 



2. The method 
invocable by the application 



of 4laim 1 , wherein said customized implementation is 
without further interaction with the framework. 



3. The method 
implementation for said servict 
and wherein said customized i 
implementation. 



restrictions on said general imp 



of ilaim 1 , wherein the system further comprises a general 
, wherein said general implementation is unrestricted, 
ibplementation fiarther incorporates said general 



4. The method of claim 3, wherein said enforcement logic enforces said 



ementation. 



5. The method of claim 1, wherein said enforcement logic is invoked 
25 upon initialization of said customized implementation. 
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ti. 



6. The me 
receives a set of 



od of claim 5, wherein said enforcement logic, when invoked: 
esired parameters from the application; 
determines whettier the desired parameters exceed said restrictions; and 
in response to a determination that the desired parameters exceed said 
restrictions, preventing s£nd customized implementation from operating. 



7. The method of claim 5, wherein said service is an 
encryption/decryption service, and wherein said enforcement logic, when invoked: 

determines whether a particular exemption mechanism has been invoked; and 
in response to a determination that the particular exemption mechanism has 
not been invoked, preventiAg said customized implementation from operating. 



8. The method of claim 1, wherein determining the set of zero or more 
restrictions comprises: 

accessing informatioA specifying one or more limitations; and 
processing said limitations to derive said restrictions. 

9. The method of olaim 8, wherein said service is an 
encryption/decryption service, and wherein said information comprises a set of one or 
more default encryption limitations. 



10. The method of clami 9, wherein said default encryption limitations are 
derived by merging multiple jurisdiction policies and extracting therefrom the most 
restrictive encryption limitations. 
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1 1 . The method of claim 1 , wherein detemiining the set of zero or more 
restrictions comprises: 

accessing inforriiation specifying one or more Umitations; 
determining permissions, if any, granted to the apphcation; and 
reconciUng said i[imitations and said permissions to derive said restrictions. 

12. The method of claim 11, wherein said limitations and said permissions 
are reconciled to derive restrictions which are least restrictive. 

13. The method of claim 11, wherein said service is an 



encryption/decryption ser\ 
more default encryption li 



ice, and wherein said information comprises a set of one or 
itations, and a set of zero or more exempt encryption 



limitations which apply when one or more exemption mechanisms are implemented. 

14. The method jpf claim 13, wherein said default encryption limitations 
and said exempt encryption [limitations are derived by merging multiple jurisdiction 
policies and extracting therefrom the most restrictive encryption limitations. 

15. The method o^claim 13, wherein reconciling said limitations and said 
permissions comprises: 

determining whether thb application has been granted any permissions; and 
in response to a determination that the application has not been granted any 
permissions, deriving said restrictions from said set of default encryption limitations. 
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16. The method of claim 13, wherein reconciling said limitations and said 



permissions composes: 

determining Whether the appHcation has been granted any permissions which 
require implementat^n of a particular exemption mechanism; 



in response to 
permission which req 
determining whether 



a determination that the application has been granted a 
aires implementation of a particular exemption mechanism, 
said exempt encryption limitations allow said particular 



exemption mechanism to be implemented; and 



in response to 



a determination that said exempt encryption limitations allow 



from said set of exem 



said particular exemption mechanism to be implemented, deriving said restrictions 



t encryption limitations. 



17, The mahod of claim 1, wherein the system further comprises a general 
implementation for said service, and wherein dynamically constructing said 
customized implementation comprises: 

instantiating thelgeneral implementation to give rise to a general 
implementation instance 

instantiating a wrkpper object; and 

encapsulating said! general implementation instance and said restrictions 
within said wrapper object! to derive said customized implementation. 



18. The method of claim 17, wherein said wrapper object comprises one or 
more invocable methods, wnerein said general implementation instance comprises one 
or more invocable methods, and wherein encapsulating comprises: 
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mapping one or mc 
or more of the invocable n 

19. Themethoc 



re of the invocable methods of said wrapper object to one 
ethods of said general implementation instance. 



5 initialization logic for 
instance. 



of claim 18, wherein said wrapper object comprises 
enforcing said restrictions on said general implementation 



20. The method of claim 19, wherein said initialization logic is invoked 
prior to allowing any of the pvocable methods of said general implementation 
10 instance to be invoked. 



21. The method of claim 17, further comprising: 
2nipti( 



instantiating an exei^ption mechanism to give rise to an exemption mechanism 
instance; and 

encapsulating said exemption mechanism instance within said wrapper object. 

22. hi a system comprising at least one application, a framework 
comprising: 

a mechanism for receiving a request from the application for a customized 
implementation of a service; 

a mechanism for determining a set of zero or more restrictions to be imposed 



upon said customized implernentation; 

i|mi 



a mechanism for dyn4mically constructing said customized implementation, 
said customized implementation incorporating said restrictions, and comprising 
enforcement logic for enforcirig said restrictions; and 
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a mechanism for pn 



23. The 
is invocable by the apph 



framew<i)rk of claim 22, wherein said customized implementation 
icatlon without further interaction with said framework. 



24. The framework 
general implementation for 
unrestricted, and wherein thb 
customized implementation 
said customized implementation 



viding said customized implementation to the application. 



of claim 22, wherein the system further comprises a 
said service, wherein said general implementation is 

mechanism for dynamically constructing said 
further incorporates said general implementation within 



25. The framework of claim 24, wherein said enforcement logic enforces 
said restrictions on said general implementation. 



26. The framework of claim 22, wherein said enforcement logic is invoked 
upon initialization of said customized implementation. 



27. The framework of claim 26, wherein said enforcement logic, when 
invoked: 

receives a set of desired parameters from the application; 
determines whether the flesired parameters exceed said restrictions; and 
in response to a deternmmtion that the desired parameters exceed said 
restrictions, preventing said customized implementation from operating. 
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determines whet] 



28. The fram(jwork of claim 26, wherein said service is an 
encryption/decryption service, and wherein said enforcement logic, when invoked: 

3r a particular exemption mechanism has been invoked; and 
in response to a determination that the particular exemption mechanism has 
not been invoked, preventing said customized implementation from operating. 



29. The framework of claim 22, wherein the mechanism for determining 
the set of zero or more restrictions comprises: 

a mechanism for accessing information specifying one or more limitations; 

and 



cis 



a mechanism for processing said limitations to derive said restrictions. 

1 



30. The framework of claim 29, wherein said service is an 
encryption/decryption service] and wherein said information comprises a set of one or 
more default encryption limitations. 



31. The framework of claim 30, wherein said default encryption limitations 
are derived by merging multiple jurisdiction policies and extracting therefrom the 
most restrictive encryption limitLtions. 



32. The framework of claim 22, wherein the mechanism for determining 



the set of zero or more restrictior 



s composes: 



a mechanism for accessing information specifying one or more limitations; 
a mechanism for determijing permissions, if any, granted to the application; 



and 
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a mechanism for reconciling said limitations and said permissions to derive 
said restrictions. 



33. The frameworl< 



of claim 32, wherein said limitations and said 



permissions are reconciled to derive restrictions which are least restrictive. 

34. The framework 
encryption/decrj^tion service, 
more default encryption limitat 



)f claim 32, wherein said service is an 
jind wherein said information comprises a set of one or 
ons, and a set of zero or more exempt encryption 



limitations which apply when c ne or more exemption mechanisms are implemented. 



35. The framework 
and said exempt encryption linlitations 
policies and extracting therefrojm 



Df claim 34, wherein said default encryption limitations 
are derived by merging multiple jurisdiction 
the most restrictive encryption limitations. 



36. 



The framework 



of claim 34, wherein the mechanism for reconciling 
said limitations and said permissions comprises: 

a mechanism for detem lining whether the application has been granted any 
permissions; and 

a mechanism for deriviijg, in response to a determination that the application 
has not been granted any permi ;sions, said restrictions from said set of default 
encryption limitations. 



37. The framework 
said limitations and said 



o[f claim 34, wherein the mechanism for reconciling 
permissions comprises: 
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a mechanism for deteirnining whether the apphcation has been granted any 
pemiissions which require inrplementation of a particular exemption mechanism; 

a mechanism for dete mining, in response to a determination that the 
apphcation has been granted a permission which requires implementation of a 
particular exemption mechai ism, whether said exempt encryption limitations allow 
said particular exemption m(;chanism to be implemented; and 

a mechanism for deriving, in response to a determination that said exempt 
encryption limitations allow said particular exemption mechanism to be implemented, 
said restrictions from said set of exempt encryption limitations. 



38. The framework of claim 22, wherein the system fiulher comprises a 
general implementation for said service, and wherein the mechanism for dynamically 
constructing said customized implementation comprises: 

a mechanism for instantiating the general implementation to give rise to a 
general implementation ins ance; 

a mechanism for instantiating a wrapper object; and 

a mechanism for encapsulating said general implementation instance and said 
restrictions within said wrapper object to derive said customized implementation. 

39. The framework of claim 38, wherein said wrapper object comprises 
one or more invocable mefthods, wherein said general implementation instance 
comprises one or more iirvocable methods, and wherein the mechanism for 
encapsulating comprisesf 
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a mechanism for map )ing one or more of the invocable methods of said 
wrapper object to one or moi:;^ of the invocable methods of said general 
implementation instance. 



40. The framewo: 
initialization logic for enforcjing 
instance. 



k of claim 39, wherein said wrapper object comprises 
said restrictions on said general implementation 



41 . The framework of claim 40, wherein said initialization logic is invoked 
prior to allowing any of the invocable methods of said general implementation 
instance to be invoked. 

42. The framewc|rk of claim 38, further comprising: 
a mechanism for instantiating an exemption mechanism to give rise to an 

exemption mechanism instance; and 

a mechanism for encapsulating said exemption mechanism instance within 
said wrapper object. 



43, In a system 
medium having stored thereon 
processors, cause the one oi- 
dynamically constructs a 
readable medium comprisiijg 

instructions for 
application for a customized 



( omprising at least one application, a computer readable 
instructions which, when executed by one or more 
more processors to implement a framework which 
customized implementation of a service, said computer 

cau^mg one or more processors to receive a request from the 
implementation of a service; 
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instructions for causing one or more processors to determine a set of zero or 
more restrictions to be imposed upon said customized implementation; 

instructions for cau ;ing one or more processors to dynamically construct said 
customized implementation, said customized implementation incorporating said 
restrictions, and comprising; enforcement logic for enforcing said restrictions; and 

instructions for caus ing one or more processors to provide said customized 
implementation to the appli cation. 

44. The computer readable medium of claim 43, wherein said customized 



implementation is invocab 
framework. 



45. Thecompu 
further comprises a generajl 
implementation is unrestrii^ted 
incorporates said general i 



e by the application without further interaction with the 



er readable mediimi of claim 43, wherein the system 
implementation for said service, wherein said general 
, and wherein said customized implementation further 
inplementation. 



46. The computje 
logic enforces said restrictibns 



T readable medium of claim 45, wherein said enforcement 
on said general implementation. 



47. The computer readable medium of claim 43, wherein said enforcement 
logic is invoked upon initiallization of said customized implementation. 



48. The computet 
logic, when invoked: 



readable medium of claim 47, wherein said enforcement 
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receives a set 
determines whether 



in response to a 
restrictions, preventing sai 



of desired parameters from the application; 

the desired parameters exceed said restrictions; and 
ddtermination that the desired parameters exceed said 
] d customized implementation from operating. 



49. The comput ^r readable medium of claim 47, w^herein said service is an 



encryption/decryption servi 
determines whether 



:e, and wherein said enforcement logic, when invoked: 
a particular exemption mechanism has been invoked; and 



in response to a dete rmination that the particular exemption mechanism has 



not been invoked, preventir 



50. The computer 
for causing one or more 



prccessors 



compnses: 

instructions for 
specifying one or more lim 

instructions for 
derive said restrictions. 



g said customized implementation from operating. 



readable medium of claim 43, wherein the instructions 
to determine the set of zero or more restrictions 



causing one or more pi*ocessors to access information 
tations; and 

causing one or more processors to process said limitations to 



51. The compute T readable mediimi of claim 50, wherein said service is an 
encrj^tion/decryption servi< :e, and wherein said information comprises a set of one or 
more default encryption limitations. 
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52. The computer rej dable medium of claim 5 1 , wherein said defauh 
encryption limitations are derive d by merging multiple jurisdiction policies and 
extracting therefrom the most restrictive encryption limitations. 

53. The computer readable medium of claim 43, wherein the instructions 
for causing one or more processors to determine the set of zero or more restrictions 
comprises: 

instructions for causing oije or more processors to access information 
specifying one or more limitations; 

instructions for causing or e or more processors to determine permissions, if 
any, granted to the application; and 

instructions for causing one or more processors to reconcile said limitations 
and said permissions to derive said restrictions. 



54. The computer readable 
and said permissions are reconciled 



medium of claim 53, wherein said limitations 
to derive restrictions which are least restrictive. 



55. The computer reada ble medium of claim 53, wherein said service is an 
encryption/decryption service, and wherein said information comprises a set of one or 
more default encryption limitations, and a set of zero or more exempt encryption 
limitations which apply when one or more exemption mechanisms are implemented. 



56. The computer readable 
encryption limitations and said exeinpt 



medium of claim 55, wherein said default 
encryption limitations are derived by merging 



5437-1 12/P4552NP 



54 




multiple jurisdiction policie > and extracting therefrom the most restrictive encryption 
limitations. 



m 

Ik 



57. The computer readable medium of claim 55, wherein the instructions 
5 for causing one or more processors to reconcile said limitations and said permissions 
comprises: 

instructions for causinjg one or more processors to determine whether the 

any permissions; and 
instructions for causing one or more processors to derive, in response to a 
10 determination that the applicai ion has not been granted any permissions, said 
restrictions from said set of default encryption limitations. 



15 



20 



application has been granted 



5 8 . The computer r 
for causing one or more 



processors 



sadable medium of claim 55, wherein the instructions 
to reconcile said limitations and said permissions 



3ne or more processors to determine whether the 
permissions which require implementation of a 



compnses: 

instructions for causing 
application has been granted an^^ 
particular exemption mechanisrn; 

instructions for causing ope or more processors to determine, in response to a 

has been granted a permission which requires 
cbmption mechanism, whether said exempt 
encryption limitations allow said particular exemption mechanism to be implemented; 
and 

instructions for causing onk or more processors to derive, in response to a 
25 determination that said exempt enc -yption limitations allow said particular exemption 



determination that the applicatioi i 
implementation of a particular ex 
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mechanism to be implemented, said restrictions from said set of exempt encryption 
limitations. 

59. The comp uter readable medium of claim 43, wherein the system 
further comprises a geneial implementation for said service, and wherein the 
instructions for causing o le or more processors to dynamically construct said 
customized implementation comprises: 

instructions for caising one or more processors to instantiate the general 
implementation to give r^se to a general implementation instance; 

instructions for causing one or more processors to instantiate a wrapper object; 

and 

instructions for qausing one or more processors to encapsulate said general 



implementation instance 



customized implementation. 



60. 



The comi 



and said restrictions within said v^apper object to derive said 



iputer readable medium of claim 59, wherein said v^apper 
object comprises one or more invocable methods, wherein said general 
implementation instance comprises one or more invocable methods, and wherein the 
instructions for causing one or more processors to encapsulate comprises: 

instructions for causing one or more processors to map one or more of the 
invocable methods of said! wrapper object to one or more of the invocable methods of 
said general implementation instance. 
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61 . The computer readable medium of claim 60, wherein said wrapper 
object comprises initialization logic for enforcing said restrictions on said general 
implementation instance. 

62. The computer readable medium of claim 61, wherein said initialization 
logic is invoked prior to allowing any of the invocable methods of said general 
implementation instance to belinvoked. 



63. The computer readable medium of claim 59, further comprising: 
instructions for causing lone or more processors to instantiate an exemption 

mechanism to give rise to an exemption mechanism instance; and 

instructions for causing one or more processors to encapsulate said exemption 

mechanism instance within said vrapper object. 
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